VPN

23K

Solutions

22K

Contributors

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.


We have two buildings connected with fiber.
Say
building A VLANs
192.168.1.0 – 192.168.10.0
Building B Vlans
192.168.11.0 – 192.168.15.0
ShoreTel Director is on Vlan 192.168.3.0
All ShoreTel phones are working fine between buildings.
We also have a remote users connected via VPN routers from home offices as ShoreTel will not work with any NAT translation.
VPN IP starting from 192.168.16.0 and up to 192.168.64.0
Remote office connected VPN (via remote cisco router to Building A router VPN)  can connect to any IP/Vlans from both buildings no problems.
While ShoreTel phones will connect fine between remote office and building A (when dialed by extension only). While when remote office (via VPN) will dial ShoreTel ext. in building B it will ring and connect the call, but there will be no voice heard. It will ring, but once the call is connected ShoreTel callers do not hear each other unless they dial a full 10 DID number.
So this routing problem is only relevant to ShoreTel phone system calls (I believe the same is true for any other IP based phone system, as initially when a call is placed the phone system acts as an intermediary between two extensions until the call is connected and then the two extensions should talk to each other directly) from remote VPN location to the Building B. If I check routing between ShoreTel VLAN in building B and VPN VLAN I can communicate fine.
I am looking for the answer from an Expert with strong ShoreTel experience and not looking for random - Did you …
0

Hello -

I'm looking to implement a (somewhat) cheap but reliable and secure VPN solution in a small organization. No more than 20 users at a time to connect to the main location for file sharing. It is a Windows environment (servers, laptops). I was looking into Direct Access but it seems like overkill for such a small organization (licenses and servers). Ideally staff would use their AD credentials in order to authenticate.


Thank you very much!
0
Hello everyone,

Normally pretty good at figuring out these things, but this one has me stumped....

We have a SBS 2011 at our office behind an older (not supported anymore) SonicWall router. We use the Global VPN Client to connect to our network from our homes, but for some reason I never got the NetBIOS names to pass through the VPN connection, so we use the IP address \\192.168.16.10\sharedfile (that's the server with the shares). So this works for all users on all computers from many different locations, except for a newly updated box now running Windows 10. So I install the Global VPN Client just like I have 100 times in the past and connect to the VPN and type in the share, but now I get the following error in the Windows 10 machine:
Windows cannot access \\192.168.16.10
Error code 0x80004005

I can ping the server IP and get a response, just can't access anything.
One thing I did notice is that I never get a popup login form when I initially try to connect to the server shares where I put in my DOMAIN\USER and password. On other computers, that first time I connect to the share, that login form pops up and I have to login to the domain to get access to the shares.... now that I think about it that is probably where the issue lies.

The ONLY computer that I am having an issue with is the Windows 10 computer (all others are Windows 7).
I have a feeling it is some random setting in windows 10, but I cannot figure it out.

Thanks for the help!
1
I have some servers that I connect to over VPN. Does the Windows Server Manager allow connection to servers over VPN? When opening Server Manager on my Win 10 PC, it is unable to locate any of the servers, or AD. However, normal AD tools are able to connect as well as DNS tools.
0
The user is a photographer and presently has an 8 TB RAID, which is physically carried between two locations every few months.

They now have a decent cable modem connection in the remote connection they use, with an upload speed of 10-15 mbs

Their activity consists of loading in 2-15 gigabytes every week or so, cataloging and adjusting the photos with Adobe Lightroom.  Computers are MacOS X, maintained to the latest version of the operating system that supports Lightroom.  

What's the best way to keep two copies of the RAID in sync over the Internet?  I can set up a VPN.

Thanks
0
Cannot seem to find the answer to this anywhere.. Does Google Authenticator require a RADIUS server linked to Active Directory? If not how does it authenticate against the domain\user?

Thanks in advance,
0
Hi All,

I'm working for a company who are currently using VASCO hard tokens for two-factor authentication. They want to switch over to a soft token (e.g. Google Authenticator), however after reading this (https://www.wikidsystems.com/blog/5-issues-enterprises-should-consider-before-using-google-authenticator-for-ssh/) I've been slightly put off. Also nobody can seem to 100% confirm whether a RADIUS server in Active Directory is required for Google Authenticator or whether Google provide one. I've spoken to Barracuda who said it should be as simple as creating a new authentication scheme on the VPN and selecting Google Authenticator as the option, however I wanted this confirmed by Google before beginning.

What are other two factor authentication methods that are best used in Enterprise environments? And was a RADIUS server required etc?

Thanks in advance,
0
I am looking for a way to restrict non-domain computers to a separate network when they're connected over a VPN.  If you have a domain laptop and connect with the VPN, you should get a DHCP scope that puts you on the internal network with full visibility (as if you were in the office).  If you are connecting with the VPN from a non-domain computer (personal computer from home), you end up on a different (isolated) network.  The isolated network then has access to RDP protocol only to the internal network, but no other visibility.  This way, we can allow individuals to connect (using VPN) from unmonitored (and potentially unsecured) home computers to then RDP into their work computers.  Can this be accomplished through a combination of NAP and DHCP NPS?  NAP doesn't seem to be able to check for domain status or even something such as 'if fqdn contains ourdomain' and I see where NPS can put you on a different DHCP scope, but I don't think that's enough.  I'm missing something or it's not possible.  Any help is appreciated.
0
HP RAS Tools crashes on an HP Elitebook 8470P running Windows 7 Enterprise
RAS Tools will not install successfully on this laptop.  It's been reimaged at least 3 times.
How do I locate the missing file and determine what it is that needs to be installed for it to work?

Failed to connect to an IPC Port: The system cannot find the file specified.

Source: mscorlib
Exception: Failed to connect to an IPC Port: The system cannot find the file specified.
 
Stack Trace:

Server stack trace:
   at System.Runtime.Remoting.Channels.Ipc.IpcPort.Connect(String portName, Boolean secure, TokenImpersonationLevel impersonationLevel, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.ConnectionCache.GetConnection(String portName, Boolean secure, TokenImpersonationLevel level, Int32 timeout)
   at System.Runtime.Remoting.Channels.Ipc.IpcClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream)
   at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at EDS.RasTools.RasToolsService.RemoteableClass.get_NewConnectState()
   at EDS.RasTools.RasTools.RasMain.OnProxyRepairTimer(Object sender, …
0
Hi

Reading a bit into this, but not getting far really, even speaking with sales.

We have 3 sites.  Using mix of cisco/juniper connected over VPN.  Works well.  No HA in place.  Backup internet links.   All managed by 3rd party.  SIP/Voip terminates at HQ so need continuity of this.

Has anyone migrated from MPLS/SD-Wan.  Any suggestions internally managing or 3rd party co?

Thanks
0

OK hope I can describe this properly, have a general question I'd like to ask.

We look after 2 companies, "Company 1" have 2 staff who need to access information on both their own server and on the server at Company 2.  Unfortunately at the moment both companies have a single DC (SBS 2011 at Company 1 and Server2012 at Company 2)  both of these servers happen to have the same local IP address and their default gateway LAN address is also the same.  In order for Company 1 staff to access the Company 2 server I've set up a VPN connection so that they can dial in as and when they need access, I've also got a batch file set up which swaps the hosts files around so that the PC's know which server to point to despite them having the same IP address.

The problem with this is that they are now saying that they need to have mapped drives open on the Company 1 server and on the Company 2 server and want to be able to drag and drop between the two (at the moment they are dragging to the desktop, swapping host file, disconnecting from VPN then copying into the other server mapped drive).  

I'm toying with the idea of just advancing the IP address of the DC at Company 2 by 1 digit so I can do away with the need to host switch but what I wanted to ask is how can I be able to access a mapped drive on Company 1 server while connected to Company 2 server via VPN? Is there any easy way to do this at all?

Many thanks

Adam
0
I have 4 VPN connections, all Windows XP computers, one Windows 10 computer.  I've been able to access computer shared files by computer name... then one day on the Windows 10 computer I couldn't but can by IP address.  The XP computers on the VPN are working fine.  There has not been any network configuration changes, NETBIOS is enabled in the router's VPN setup and in the Windows 10 TCP/IP configuration.

Before I resort to editing my host file to make names work again, I would like to resolve why it all of a sudden stopped working.  I feel like editing the host file is not the proper solution given all other XP computers are working AND this windows 10 computer was working.

Suggestions are greatly appreciated.
0
Hi Sir,

Would like to ask for your help about the problem listed below,

[Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xccb797a8) not found (maybe expired)

Hoping that you can help me resolve this matter.


Thank you in advance.
0
Hi All

 I have had the Cisco ASA5505 setup as the firewall for my company for about 3 Years, without issue I have been able to use CISCO ANYCONNECT to connect remotely to my network etc.. For some reason, I now get a message stating " anyconnect not enabled on the vpn server".. my sh run webvpn is below

Free memory:        71697768 bytes (27%)
Used memory:       196737688 bytes (73%)
-------------     ----------------
Total memory:      268435456 bytes (100%)
5505ASA# sh run webvpn
webvpn
 enable outside
 anyconnect-essentials
 svc enable
 tunnel-group-list enable
5505ASA#
If I go through the ASDM wizard and attempt to install the SSL VPN via AnyConnect, I get an error as shown in screenshot below (File write error check disk space), which I am not understanding as the cache-fs they say to use does not exist.

It's a small office, with only anyconnect, asdm, and asa.bin files on it, small running config, so I am lost as to why I cannot add AnyConnect especially when it's always worked.

sh disk 0 is also shown below.

5505ASA# sh disk
--#--  --length--  -----date/time------  path
    3  4096        May 17 2013 13:51:48  log
   13  4096        Aug 13 2017 15:29:23  coredumpinfo
   12  4096        Aug 29 2009 07:33:22  crypto_archive
   97  16459776    May 17 2013 13:47:00  asa822-k8.bin
   98  11869456    May 17 2013 13:49:32  asdm-625-53.bin
   99  35167466    Mar 03 2014 10:04:32  anyconnect-win-3.1.05152-k9.pkg

127111168 bytes total …
0
Hi again everyone -

So sorry to be a pest. Now that I have my ASA 5505 up and running with successful Internet access by devices on my LAN, I can't seem to get my DMZ to gain internet access. Nor can I get a simple IPSec site-to-site VPN to work.  This is really frustrating as the ASA on the other side already participates in another separate site-to-site VPN (setup by me) which works just fine.

I have looked at NAT rules and access rules and can't seem to find the difference. The only thing I did differently on this VPN was try Diffie-Hellman Group 1 as group 2 settings didn't work.

Below is the sanitized config of the ASA that has a working DMZ and a working VPN as well as the non-working VPN.  I have replaced my static public IP with xx.xx.xx.xx and the peer IPs in the VPNs are vv.vv.vv.vv for the one that works and ng.ng.ng.ng for the one that doesn't work.

I will return to this post momentarily and add a comment with the running configuration of the ASA at the other site.

Thanks in advance for any help.

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password /zzzzzzzzz encrypted
passwd zzzzzzz.zzzz encrypted
names
name 192.168.1.0 dmz_outside
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.0.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address xx.xx.xx.xx 255.255.255.252
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 
0
It frequently happens that when I try to use PAN Global Protect for work VPN that the authenticator token doesn't arrive until after the Global Protect connection attempt has given up/timed out. If I try to connect a second time then the token for the first attempt will often arrive during attempt #2, the second during attempt 3 and so on.

What is likely the problem? And is there anything I can do as an end user to fix this? Anything that IT could do to fix the delays of the token?
0
Hello team,

We have created a vpn tunnel (VPC) from our physical office to Amazon. The tunnel is active but I can't connect to any of my Ec2 machines using the private ip address. Is there anything additional that needs to be done in the amazon side to make this work? I'm not sure if there's a firewall or something I will need to configure as well.

Thank you!
0
So I have Fortinet firewalls in all my offices which are linked together with IP VPN's

I have configured FortiClient in my London office and when I connect in on FortiClient I can get to all my servers in London, however, I cannot get to my New York office  despite there being a VPN already in place.

I have created a Policy from the SSLVPN to the New York office still no joy.

I have added the IP range given out on the FortiClient to the VPN both sides in Phase 2. Again still no joy.

Once I get this working I will also need to get it working so that I can get to resources in AWS, to which again I have a VPN already up and running.

Any help will be greatly appreciated.

Cheers,

Glenn
0
So the current system used stores users "My Documents" and other files in a personal drive and on a server. We use Microsoft's Sync Center to ensure both "My Documents" and the personal drive contain the most current data.

The problem is since users files are also available offline sometimes remote users don't connect to our server(they need to access our VPN to do so). This causes a problem with synchronization. It's very time consuming to check one person at a time on Microsoft's Sync Center.

Is there a way to automate detection? Maybe a Cmdlet?
0

In my scenario our FortiGate is configured for SSL VPN, but the problem is it can connect but is not able to access the network resources and is unable to ping any internal network servers or switches.
0
I am looking for inputs on a routing issue that we are having. We had to replace a failed ASA after a hard failure without the benefit of a saved config anyplace. The circuit is a CenturyLink IQ circuit. There are two other locations in the CUG.

After doing a base configuration including default route to our Public IP of our Circuit ( a constraint for PPTP VPN traffic that is legacy)  we are unable to move traffic from a remote site with the same Public/Private port set up. A brief layout.

Site A IQ Circuit - 10.10.8.0\24 Trusted LAN, Public IP of 208.115.1.10  Private IP of 65.65.65.65
Site B IQ Circuit (HQ)- 10.10.10.0\24 Trusted Lan, Public IP of 210.120.1.10 Private IP of 66.66.66.66
Site C Private Circuit ( Data Center ) 172.28.16.0\24 Connects via IKEv2 VPN Tunnel

Traffic flows from B to A , B to C , A to C , C to A and C to B.

The missing piece is what I believe is a route issue. When Site A attempts to ping traffic ( 10.10.8.0 to 10.10.10.0 ) that traffic expires in transit. Looking at a tracert I see that the last successful hop is the Juniper Device ( The Centurylink Serial ) which has a x.x.x.37. as there is no route into the ASA currently.

I recalled a route on the failed device, however not being ours at that point I foolishly did not make a copy of that running config. Does someone have a good example of what this route would look like for ASA 8.2? Currently I have a default route of 0.0.0.0. (EXTERNAL INTERFACE IP) as well as the VPN Traffic …
0
The 5505 was working fine before migration, two new ISP providers been used and I had to reconfigure all tunnels. 50% of them came up just fine, but other half is down. I would appreciate the assistance. I can post the config shortly, Thank you
0
I've just taken on a new client who have just moved offices, they have a Kerio Firewall which has its own built in VPN called Kerio VPN, it worked fine in their old office but after moving it's stopped working, in the old office there was a basic BT modem plugged into the Kerio, now there is a Technicolor router, I've tried forwarding the relevant port through the Technicolor to the Kerio but it still won't connect, the VPN client I'm using to connect in is unable to talk to the Kerio firewall, I'm guessing it's some kind of traffic/pass through issue.

Any help appreciated.
0
Hello,

I need to configure a site to site VPN between 2 sonicwalls. I need to allow subnets 10.1.10.10. /24 (LAN) and 10.1.10.20 (WIFI) interfaces over the tunnel to the other side and vice versa.

What's the easiest way to achieve?
0
I would like to understand the difference of persistent connection and keep alive. Is it only applicable to HTTP protocol? Thanks!
0
